WORLD INTELLECTUAL PROPERTY ORGANIZATION 
International Bureau 




PCX 

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) 



(51) International Patent Classification 1 : 
H04L 



A2 



(11) International Publication Number: WO 00/14919 

(43) International Publication Date: 16 March 2000 (16.03.00) 



(21) International Application Number: PCT/IL98/00427 

(22) International Filing Date: 2 September 1998 (02.09.98) 



(71) Applicant (for all designated States except US): N.C.C. EX- 

PORT SYSTEMS 1995 LTD. [IIVIL]; Shenker Street 20, 
Kiryai Arieh. 49513 Petach Tikva (IL), 

(72) Inventor; and 

(75) Inventor/Applicant (for US only): ALTER, Meir [IL/IL]; 
Shenker Street 20, Kiryat Arieh. 49513 Petach Tikva (IL). 

(74) Agents: SANFORD, T., Colb et al.; Sanford T. Colb & Co.. 
P.O. Box 2273, 76122 Rchovot (IL). 



(81) Designated States: AL, AM, AT, AT (Utility model), AU, AZ, 
BA. BB. BG. BR, BY, CA, CH. CN, CU, CZ, CZ (Utility 
model), DE, DE (Utility model), DK, DK (Utility model), 
EE, EE (Utility model), ES, FI, FI (Utility model), GB, GE, 
GH, GM, HR, HU, ID, IL, IS, JP. KE, KG, KP, KR, KZ, 
LC, LK, LR, LS, LT, LU, LV, MD, MG, MK, MNTMW, 
MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK. SK 
(Utility model), SL, TJ, TM, TR, TT, UA, UG, US, UZ, 
VN, YU, ZW, ARIPO patent (GH, GM, KE, LS, MW, SD, 
SZ, UG, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, 
RU, TJ, TM), European patent (AT, BE, CH, CY, DE, DK, 
ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE), OAPI 
patent (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML, MR, 
NE. SN, TD, TG). 



Published 

Without international search report and to be republished 
upon receipt of that report. 



(54) Title: APPARATUS AND METHODS FOR CONNECTING A NETWORK USER TO A NETWORK SERVICE PROVIDER 



^select: 




lost 






cheap 






cost 

^ effective 








(57) Abstract 

A system for connecting to Internet service providers via networking circuitry, the system including a user interface operative to display 
information regarding a plurality of Internet service providers including quality of service information and to accept a user's choice of an 
Internet service provider from among the plurality of Internet service providers, thereby to define a user-selected Internet service provider, 
and a configurator operative to connect the user to the user-selected Internet service provider by generating an on-the-fly configuration of 
the networking circuitry. 



FOR THE PURPOSES OF INFORMATION ONLY 



Codes used to identify States party to the PCX on the front pages of pamphlets publishing international applications under the PCT. 



AL 


Albania 


E5 


Spain 


LS 


Lesotho 


SI 


Slovenia 


AM 


Armenia 


Fl 


Finland 


LT 


Lithuania 


SK 


Slovakia 


AT 


Austria 


PR 


France 


LU 


Luxembourg 


SN 


Senegal 


AU 


Australia 


CA 


Gabon 


LV 


Latvia 


sz 


Swaziland 


AZ 


Azerbaijan 


GB 


United Kingdom 


MC 


Monaco 


TD 


Chad 


BA 


Bosnia and Herzegovina 


GE 


Georgia 


MD 


Republic of Moldova 


TG 


Togo 


BB 


Barbados 


GH 


Ghana 


MG 


Madagascar 


TJ 


Tajikistan 


BE 


Belgium 


GN 


Guinea 


MK 


The former Yugoslav 


TM 


'l^lrkmcnistan 


BF 


Burkina Faso 


GR 


Greece 




Republic of Macedonia 


TR 


Turkey 


BG 


Bulgaria 


HU 


Hungary 


ML 


Mali 


TT . 


Trinidad and Tobago 


BJ 


Benin 


IE 


Ireland 


MN 


Mongolia 


UA 


Ukraine 


BK 


Brazil 


IL 


Israel 


MR 


Mauritania 


UG 


Uganda 


BY 


Belarus 


IS 


Iceland 


MW 


Malawi 


US 


United States of America 


CA 


Canada 


IT 


Italy 


MX 


Mexico 


UZ 


Uzbekistan 


CF 


Central African Republic 


JP 


Japan 


NE 


Niger 


VN 


Vict Nam 


CG 


Congo 


KE 


Kenya 


NL 


Netherlands 


YU 


Yugoslavia 


CH 


Switzerland 


KG 


Kyrgyzstan 


NO 


Norway 


ZW 


Zimbabwe 


CI 


C6te d'lvoire 


KP 


Democratic People's 


NZ 


New Zealand 






CM 


Cameroon 




Republic of Korea 


PL 


Poland 






CN 


China 


KR 


Republic of Korea 


PT 


Portugal 






CU 


Cuba 


KZ 


Kazakstan 


RO 


Romania 






cz 


Czech Republic 


LC 


Saint Lucia 


RU 


Russian Federutton 






D£ 


Germany 


U 


Liechtenstein 


SD 


Sudan 






DK 


Denmark 


LK 


Sri Lanka 


SE 


Sweden 






EE 


Estonia 


LR 


Liberia 


SG 


Singapore 







wo 00/14919 



PCT/IL98/00427 



APPARATUS AND METHODS FOR CONNECTING A NETWORK USER TO A NETWORK SERVICE 

PROVIDER 

5 FELD OF THE INVENTION 

The present invention relates to apparatus and methods for connecting a 
user to a network such as the Internet, and in particular to providing connections 
between users and ISPs (Internet Service Providers). 

10 

BACKGROUND OF THE INVENTION 

A plethora of ISPs (Internet service providers) are in operation which 
provide access to the Internet. Users must sign up with each ISP directly and cannot 

15 switch between ISPs on the fly. 

It is well-known in the art for an ISP to provide its own POP (point of 
presence) in every local area where the ISP wishes to provide connection service for 
individual users. Typically, the ISP establishes, for each POP, an office includmg a 
defined number of telephone lines, each telephone line being associated with a modem, 

20 an ISDN connection, or similar terminal equipment, and each telephone line being 
intended to support a single individual user dial-in connection. Typically, multiplexing 
equipment, routing equipment, and other communications equipment is provided locally 
at the POP to complete the connection between the individual user and the Internet. 

The RADIUS (Remote Authentication Dial In User Service) protocol, 

25 described in RFC 2138 and RFC 2139, both dated April 1997 and both published by the 
Internet Engineering Task Force can be used to remotely authenticate a dial-in user of a 
computer service. 

IP addressing rules related to the field of the present invention are 
described in RFC 1918 of the Internet Engineering Task Force. 
30 Inverse Network Technology, Inc. generates performance profiles for 

various Internet Service Providers. 

ISP Alliance, Inc. provides a shared cost, transparent services system 
which allows a subscriber to provide Internet services to customers without actually 
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having the infrastructure to provide the Internet services. 

The disclosures of all references mentioned above and throughout the 
present specification are hereby incorporated herein by reference. 
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SUMMARY OF THE INVENTION 



The present invention seeks to provide improved apparatus and 
methods for connecting a user to a network such as the Internet. 

There is thus provided in accordance with a preferred embodiment of 
the present invention a system for connecting to Internet service providers via 
networking circuitry, the system including a user interface operative to accept a user's 
choice of an Internet service provider from among a plurality of Internet service 
providers and a configurator operative to connect the user to the user-selected Internet 
service provider by generating an on-the-fly configuration of the networking circuitry. 

The user interface may include a web-based display. The term "web- 
based display" is used throughout the present specification and claims to refer to an 
HTML (Hypertext Markup Language) or similar page that may be viewed by a standard 
WWW browser or a similar program. 

The user interface may include a display of at least some of the plurality 
of Internet service providers. 

Preferably, initial communications between user and the system of the 
present invention, until selection of an ISP by the user, are carried out using IP 
protocol and the server of the system allocates an internal IP address to the user. 
Once the user selects an ISP, a second IP address is allocated to the user, from 
among a pool of IP addresses belonging to the selected ISP. The second IP address is 
used, typically via network address translation (NAT) as is well known in the art, as an 
external address representing the user to the Internet. The internal IP address is typically 
retained by the user until logging out of the system or hanging up the connection. 

Preferably, a telephone company allocates to the system of the present 
invention a local number which any subscriber can dial. The subscriber connects to the 
system of the present invention via the telephone company and a conventional 
modem. Typically, the telephone company subscriber's telephone number functions as 
his or her login/password and no additional password need be assigned to him or her. 

Preferably, the telephone company subscriber is billed for use of the 
system of the present invention, as pan of their telephone bill, similar to billing of 
other special services provided over the telephone such as long distance service. The 
subscriber therefore does not need to provide his or her credit card number. 
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Also provided, in accordance with a preferred embodiment of the 
present invention, is a method for connecting to Internet service providers via 
networking circuitry, the method including displaying a list of a plurality of Internet 
service providers to a user, accepting a user's choice of an Internet service provider 
from among the plurality of Internet service providers, and connecting the user to the 
user-selected Internet service provider by generating an on-the-fly configuration 
of the networking circuitry. 

There is also provided in accordance with another preferred embodiment 
of the present invention a system for connecting to Internet service providers via 
networking circuitry, the system including a user interface operative to display 
information regarding a plurality of Internet service providers including quality of 
service information and to accept a user's choice of an Internet service provider from 
among the plurality of Internet service providers, thereby to define a user-selected 
Internet service provider, and a configurator operative to connect the user to the user- 
selected Internet service provider by generating an on-the-fly configuration of the 
networking circuitry. 

Further in accordance with a preferred embodiment of the present 
invention the user interface includes a web-based display. 

Still fijrther in accordance with a preferred embodiment of the present 
invention the user interface includes a display of at least some of the plurality of 
Internet service providers. 

Additionally in accordance with a preferred embodiment of the present 
invention the system also includes user identification apparatus operative to identify the 
user. 

Moreover in accordance with a preferred embodiment of the present 
invention the user identification apparatus is operative to identify the user based on a 
telephone number used by the user to establish a connection with the system. 

There is also provided in accordance with another preferred embodiment 
of the present invention a method for connecting to Internet service providers via 
networking circuitry, the method including displaying information regarding a plurality 
of Internet service providers including quality of service information, accepting a user's 
choice of an Internet service provider from among the plurality of Internet service 
providers, thereby to define a user-selected Internet service provider, and connecting the 



wo 00/1 491 9 PCT/IL98/00427 
user to the user-selected Internet service provider by generating an on-the-fly 
configuration of the networking circuitry. 

There is also provided in accordance with another preferred embodiment 
of the present invention a virtual point of presence (POP) including a routing center 
5 operative to communicate with a network user and with at least one Internet Service 
Provider (ISP) and to route communications therebetween, and an authentication and 
ISP routing center receiving an identification of the network user from the routing center 
and operative to authenticate the network user based, at least in part, on the 
identification of the network user, and to choose an ISP and to communicate an ISP 
10 identification identifying the ISP to the routing center, the routing center being 
operative, upon receipt of the ISP identification, to route communications from the 
network user to an ISP associated with the ISP identification. 

Further in accordance with a preferred embodiment of the present 
invention the authentication and ISP routing center is operative to choose the ISP based 
15 on a telephone number of the network user. 

Further in accordance with a preferred embodiment of the present 
invention the authentication and ISP routing center is operative to choose the ISP based, 
at least in pan, on at least one of the following a telephone number of the network user, 
identifying information of the network user, and profile information of the network user. 
20 Further in accordance with a preferred embodiment of the present 

invention the routing center is also operative to maintain accounting records of routing 
services performed for the network user and the ISP. 

There is also provided in accordance with another preferred embodiment 
of the present invention a method for providing a virtual point of presence (POP) using a 
25 network routing center, the method including providing communications, from the 
network routing center, with a network user and with at least one Internet Service 
Provider (ISP), receiving an identification of the network user from the routing center, 
authenticating the network user based, at least in part, on the identification of the 
network user, choosing an ISP and communicating an ISP identification identifying the 
30 ISP to the routing center, and routing communications from the network user to an ISP 
associated with the ISP identification. 

Further in accordance with a preferred embodiment of the present 
invention the method also includes storing utilization information in a database. 
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Still further in accordance with a preferred embodiment of the present 
invention the method also includes producing a repon based on the utilization 
information. 

There is also provided in accordance with another preferred embodiment 
of the present invention a payment processing method for processing payments over a 
network, the network including a routing center for routing communications between at 
least one user and at least one service provider, the method including establishing a 
connection, through the routing center, between a user and a service provider, routing 
communications, at the routing center, between the user and the service provider, 
requesting, through the service provider, an item associated with a payment, initiating, at 
the routing center, an authorization of the payment, and receiving, at the routing center, 
billing information including a request to pay the payment. 

Further in accordance with a preferred embodiment of the present 
invention the method also includes paying the requested payment from the routing 
center. 

Still further in accordance with a preferred embodiment of the present 
invention the paying step includes aggregating a plurality of requested payments into a 
single payment. 

Additionally in accordance with a preferred embodiment of the present 
invention the service provider includes an Internet service provider (ISP), and the 
requesting step includes requesting an item from a World Wide Web (WWW) site. 

Moreover in accordance with a preferred embodiment of the present 
invention the system includes an on-the-fly ISP performance monitor operative to 
monitor performance of at least one ISP on the fly and to supply at least one quality of 
service parameter to the user interface for display. 

Further in accordance with . a preferred embodiment of the present 
invention the system also includes an infrastructure leaser operative to lease network 
infrastructure to at least one Internet service provider. 

Additionally in accordance with a preferred embodiment of the present 
invention the infrastructure leaser is operative to lease network infrastructure to at least 
one Internet service provider from among the plurality of Internet service providers. 

Moreover in accordance with a preferred embodiment of the present 
invention the system also includes a resource utilization monitor operative to record 
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information regarding occurrence of at least one of the following situations with respect 
to network infrastructure leased by at least one Internet service provider: 
underutilization of the infrastructure leased by the at least one Internet service provider, 
and overutilization of the infrastructure leased by the at least one Internet service 
5 provider. 

Further in accordance with a preferred embodiment of the present 
invention the recording step is performed on the fly. 
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BRIEF DESCRIPTION OF THE DRAWINGS 
The present invention will be understood and appreciated from the 
following detailed description, taken in conjunction with the drawings in which: 

Fig. 1 is a simplified block diagram of apparatus, constructed and 
operative in accordance with a preferred embodiment of the present invention, for 
connecting a user to the Internet via any user-selected ISP from among a plurality 
oflSPs; 

Fig. 2 is an example of a screen display of the home user's computer of 

Fig. 1; 

Fig. 3 is a simplified flowchart illustration of a preferred method of 
operation for the apparatus of Fig. 1; 

Fig. 4 is a simplified block diagram illustration of apparatus for providing 
a virtual POP (point of presence) to an ISP, the apparatus being constructed and 
operative in accordance with another preferred embodiment of the present invention; 

Fig. 5 is a simplified flowchart illustration of a preferred method of 
operation of the apparatus of Fig. 4; 

Fig. 6 is a simplified block diagram illustration of a preferred embodiment 
of the routing center of Fig. 4; and 

Fig. 7 is a simplified flowchart illustration of a preferred method of 
operation of the apparatus of Fig. 1 or the apparatus of Fig. 4. 
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DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

Reference is now made to Fig. 1 which is a simplified block diagram 
of apparatus 15, constructed and operative in accordance with a preferred 
embodiment of the present invention, for connecting a user to the Internet via any user- 
selected ISP from among a plurality of ISPs 10. 

As shown, the apparatus of Fig. 1 includes the following sub- 
systems: 

An authentication server 14 that validates if the user can use the service; 
An accounting server/manager 20 that monitors the start and end of the 
connections to the service and to a specific ISP 10; 

An IP address manager 30 that allocates and collects back IP addresses 
of each ISP 10. Typically, each ISP allocates a typically static pool of available IP 
addresses from the IP address pool assigned to that ISP and communicates information 
including the available IP addresses to the IP address manager 30 by any appropriate 
means. The IP address manager 30 keeps track of the available IP addresses for each 
ISP and allocates an appropriate IP address on demand. When a user disconnects from 
the ISP the IP address manager preferably reclaims the address for future users; 

A router configuring engine 40 that, configures the router 50 in order 
to connect the user to a desired ISP 10; and 

A network access server (NAS) 60 is operative to generate an 
appropriate user interface, preferably a GUI (graphical user interface) that presents the 
user with the ISP 10 and their rates and enables the user to choose an ISP 10, change 
an ISP 10 and elect to disconnect from an ISP 10. Typically, the GUI comprises an 
HTML file sent by the NAS 60 to the computer 70 of the home user(VIA A 
NETWORK 80?). This HTML file is typically rendered as a GUI screen by the web 
browser of home computer 70. 

Typically, the GUI displays to the user the speed of each ISP's 
connection to the Internet, where the displayed speed is preferably the actual speed 
from the user's perspective, but may alternatively comprise one or more speeds of 
components of the ISP's network. 

Preferably, the GUI displays some or all of the following options: 
1 . Connect to fastest ISP. 
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2. Connect to cheapest ISP. 

3. Connect to most cost-effective ISP. 

Preferably, an ISP performance manager 90 is provided which 
monitors the performance level of each ISP 10 and generates quality of service statistics. 
The results are typically aggregated by time and statistics for the last measured 
period are typically shown to the user. Actual performance of an IDS may typically be 
based on the time required for the ISP performance manager 90 to perform a predefined 
set of tasks, such as retrieving specified Internet information or executing an Internet 
ping, through each ISP 10. Under this definition of actual performance, a shorter time 
to complete the task indicates greater actual performance. 

Preferably, each ISP is provided with an ISP manager which allows 
each ISP to collect information such as currently connected user report, port 
monitoring, accounting and billing information. 

Fig. 2 is an example of a screen display which may be generated by the 
GUI of NAS 60. As shown, the screen display includes a list of a plurality of ISPs 10 
plus comparative data regarding each of the ISPs, thereby allowing a user to make an 
intelligent choice, for example, by pressing the appropriate "Connect" screen button. 

Fig. 3 is a simplified flowchart illustration of a preferred method of 
operation for the apparatus of Fig. 1. As shown, in step 110, the user initially connects 
to NAS (Network Access Server) 60 (Fig. 1) via a network 80 such as a PSTN 
(Public Switched Telephone Network) or via the ISDN (Integrated Services Digital 
Network). 

In step 120, the NAS 60 authenticates the user, using a suitable protocol 
such as the RADIUS (Remote Authentication Dial In User Service) protocol, which 
protocol is well-known in the an and is described in RFC 2138 and RFC 2139, both 
dated April 1997 and both published by the Internet Engineering Task Force. The 
authentication may succeed, for example, if: 

a. the number called by the user is that of the central service, it 

being well known in the art, in the case of telephone numbers dedicated to a single ISP, 
to have a global service telephone number for Internet access, the global number being 
used from any location and switching to a local point of service being automatically 
accomplished; the present invention provides an analogous service for multiple ISPs; and 
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b, there is a CLID (calling number identification). In other words, 

optionally, each home computer 70 is assigned a caller ID. The user is prompted to 
enter his caller ED and the NAS 60 then performs a CLID procedure to determine 
whether the calling party is calling from a valid telephone number and is therefore an 
authorized user. 

In step 130, the authentication server 14 then requests an IP (Internet 
Protocol) address for the user from the IP (Internet protocol) addresses manager 30. 
The IP address which is assigned for this purpose is typically an IP address from the IP 
address pool of the service provider, as described above. In the present invention, each 
user has a first IP address for the connection, which is allocated by the IP address 
manager 30 to the user when the connection is established and remains with the user 
until the user hangs up the call. Each user also may have a second IP address, 
dynamically allocated by the IP address manager 30 for communication with a given 
ISP. It is appreciated that the first IP address is used to establish the connection, to 
enable the user to view the HTML page which offers the user a choice of ISPs, and to 
enable the communication necessary to switch between ISPs, while the second HP 
address is used for communicating with the Internet. Typically, during operation of the 
present invention, the first IP address, when used by the user, is translated to the second 
IP address as necessary. Typically, the first EP address may be supplied by a pool of 
private EP addresses in accordance with RFC 1918. 

In step 140, the user is connected to the internal network such as, for 
example, the network 15 of Fig. 1 including the NAS 60, the authentication server 14, 
the EP address manager 30, the central router 50, the accounting server 20, and the 
router configuration server 40. 

In step 150, the user accesses the service HTML (Hyper Text Markup 
Language) home page ft*om her or his browser. The system's server is acting as a 
worldwide web (WWW) server to the home user's client web browser and the user's 
browser renders the HTML web page into a viewable web page. The home page 
typically includes a list of available ISPs 10 and comparative data regarding each 
ISP 10, including the rate/s of the service, for example, as shown in Fig. 2. 

In step 160, the user selects an ISP 10. The user may click on one of the 
displayed ISPs or alternatively, the user may click on one of the following GUI buttons, 
if provided: 

11 
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1. Connect to fastest ISP. 

2. Connect to cheapest ISP. 

3. Connect to most cost-effective ISP. 

In step 1 70, a RADIUS access-request message (including the selected 
ISP) is sent by the NAS 60 to the authentication server 14. The message requests the 
IP manager 30 to allocate an IP address for the connection, from the IP address pool 
of the user-selected ISP 10. 

In step 180, the router configuring engine 40 configures the NAT 
(Network Address Translation) tables of the router 50 and the routing policies of the 
router 50 using a suitable protocol such a HTTP (Hyper Text Transfer Protocol) for 
communications therebetween. 

From this rime on, the user's IP frames are forwarded to the network of 
the user-selected ISP 10 and the user can connect to the Internet. Therefore (step 
190), at this time NAS 60 sends a RADIUS stan-accounting message to 
accounting manager 20. 

At a suitable time (step 200), the user discontinues his connection to 
the current ISP 10, e.g. by pushing the disconnect button or by choosing a different 
ISP). 

Following (step 210), NAS 60 sends a RADIUS stop-accounting 
message to accounting manager 20. 

Accounting manager 20 returns the IP address of the ISP 10 to the IP 
address manager 30 (step 220). 

When the user disconnects the call (step 230), the NAS 60 sends a 
RADIUS stop accounting message to the accounting manager 20 (step 240). The 
accounting manager 20 returns the IP addresses of the connection between the user and 
the system of Fig. 1, described above as the first IP address, and the IP for 
communication with the ISP 10, described above as the second IP address, to the IP 
address manager 30 (step 250). 

A particular advantage of a preferred embodiment of the present 
invention is that each ISP need not establish a POP (point of presence) site in each 
area code within the ISP's customer base. Also, each ISP need not install and maintain 
its own billing and collecting system. 
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Another advantage of a preferred embodiment of the present invention 
is that it allows full scale Internet shopping without the user's having to give out his or 
her credit card number. Instead, payments for bought goods are charged on the 
customer's telephone bill. 

Reference is now made to Fig. 4. which is a simplified block diagram 
illustration of apparatus for providing a virtual POP (point of presence) to an ISP, the 
apparatus being constructed and operative in accordance with another preferred 
embodiment of the present invention. The apparatus of Fig. 4 comprises a routing 
center 245, typically integrated with a telephone local access office (not shown), but 
alternatively functioning as a stand-along routing center. 

The apparatus of Fig. 4 also typically comprises an authentication/ISP 
routing center (AIR) 252, which is provided with a telecommunications link, preferably a 
high-speed private IP network link, to the routing center 245, The AIR 252 typically 
comprises an authentication server 255, typically a RADIUS server as is well known in 
the art. The AIR 252 also typically comprises an ISP routing server 260, which is 
described in more detail below. The authentication server 255 and the ISP routing 
server 260 are preferably provided with an appropriate two-way communications link 
therebetween. 

The apparatus of Fig. 4 also comprises at least one ISP 265. For 
purposes of simplicity of description, only one ISP 265 is shown in Fig. 4. but it is 
appreciated that typically a plurality of distinct ISPs 265 will be provided. 

The operation of the apparatus of Fig. 4 is now briefly described. A user 
270 of the apparatus of Fig. 4, the user 270 typically comprising a home computer user, 
establishes a telecommunications connection, typically a PSTN or ISDN connection, 
with the routing center 245, using methods well-known in the art. The routing center 
245 reports the fact of the incoming call, typically together with identifying information 
such as, typically, the telephone number of the caller, to the AIR 252. 

Within the AIR 252 the identifying information is passed to the 
authentication server 255 and is there authenticated, typically using RADIUS methods, 
as is well-known in the an. If the result of the authentication is a determination that the 
user is not authorized, this fact is passed back to the routing center 245, which typically 
terminates the call of the user 270. If the result of the authentication is a determination 
that the user is authorized, this fact, optionally including further identifying information 

13 
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for the user, is passed to the ISP routing server 260. 

The ISP routing server 260 determines to which ISP 265 the user 270 
should be connected. A determination of an ISP 265 may be based on the telephone 
number chosen by the user 270, such that, from the point of view of the user 270, the 
apparatus of Fig. 4 presents a virtual ISP which functions identically, to the user 270. to 
a real conventional ISP. The telephone number may be obtained using Dialed Number 
Identification System (DNIS), as is well known in the art, or by other appropriate 
means. Alternatively, the determination of the ISP may be based, for example, in whole 
or in part, on any one or combination of the following: the telephone number of the user 
270, which may be determined by a caller identification method, as is well-known in the 
art; identifying information and/or fiirther identifying information of the user 270; profile 
information for the user 270, the profile information typically being stored by the ISP 
routing server 260; by a domain name selected by the user 270, and based on 
information, typically stored by the ISP routing server 260, indicating which one or more 
ISPs is preferred for that domain; or any other appropriate information. 

After the ISP routing server 260 has determined the one ISP 265 to 
which the user 270 should be connected, the AIR 252 communicates the identity of the 
ISP to the routing center 245, The routing center 245 then sets up an appropriate 
routing definition, as is well-known in the art, and routes IP packets between the user 
270 and the ISP 265, transparently to the user 270 and the ISP 265. Thus a virtual 
user-ISP connection, virtual in the sense that the physical link between the routing center 
245 and the ISP 265 can be used to establish many such connections for a plurality of 
users, is established between the user 270 and the ISP 265, and thus the apparatus of 
Fig. 4 acts effectively as a virtual POP. 

Preferably, the routing center 245 is operative to maintain accounting 
records of all connections from any user 270 to any ISP 265, the accounting records and 
the apparatus and methods used for maintaining the accounting records typically being 
similar to those well-known in the art in telephone central office systems: Preferably, 
accounting records maintained by the routing center 245 are used to report usage and/or 
charges to each ISP 265, or to directly invoice each user 270, typically in accordance 
with rates and regulations established by each ISP 265, for usage of each ISP 265. 
Alternatively or additionally, the accounting records may be used to charge each ISP 
265 for routing services provided. 

14 
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In the apparatus of Fig. 4 any appropriate communications link, such as a 
private network as is well-known in the art, may be used for communications between 
the routing center 245 and the AIR 252. 

Reference is now made to Fig. 5, which is a simplified flowchart 
illustration of a preferred method of operation of the apparatus of Fig. 4. The method of 
Fig. 5 preferably includes the following steps: 

Communications, typically in the form of an available channel for 
communications which may not yet be in active use, is provided, from a network 
routing center such as the network routing center 245 of Fig. 4, with a network user and 
with at least one ISP (step 275). Upon receipt of an identification of the network user 
from the routing center (step 280), typically as described above with reference to Fig. 4, 
the network user is typically authenticated (step 285). The authentication is based, at 
least in part, on the identification of the network user from step 280, and may also be 
based on a variety of other factors as described above with reference to Fig. 4. Such 
other factors might include, for example, smart token authentication, one-time password 
authentication, and smart-card based authentication, which are well-known in the art. 
Although it is believed to be preferable to include step 285 in the method of Fig. 5, it is 
appreciated that, in another preferred embodiment of the method of Fig. 5, step 285 may 
be omitted. 

An ISP is chosen, typically based in part on a telephone number called by 
the user and/or on the authenticated identification of the user and/or on other factors, as 
described above with reference to Fig. 4; an ISP identification identifying the ISP is 
communicated to the routing center (step 290). 

Communications are routed from the network user to an ISP associated 
with the ISP identification (step 300). 

It will be appreciated by persons skilled in the art that the method of Fig. 
5 provides network users and ISPs with a virtual point of presence. It will also be 
appreciated by persons skilled in the an that the method of Fig. 5 when used with the 
apparatus of Fig. 4, by consolidating the necessary infrastructure for a plurality of ISPs, 
allows pooling of unused resources that would, in a conventional prior art system, be 
unavoidably split between ISPs. Such pooled unused resources could be used for a 
variety of purposes such as, for example, to consolidate unused bandwidth during off 
peak hours for resale, such as, for example, for resale by ISPs as leased lines, typically 
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Tl or T3 lines. 

Reference is now made to Fig. 6, which is a simplified block diagram 
illustration of a preferred embodiment of the routing center 245 of Fig. 4. It is 
appreciated, as described fiinher below, that components of Fig. 6 may also be used in a 
5 preferred embodiment of the system of Fig. 1, to perform similar functions therein. 

The apparatus of Fig. 6 preferably comprises a routing control unit 310. 
The routing control unit 310 may be operative, as described above with reference to Fig. 
4, to perform the routing operations of the routing center 245 of Fig. 4. 

The apparatus of Fig. 6 also preferably comprises a database subsystem 
10 320 and a repoaing subsystem 330. The database subsystem 320 and the reporting 
subsystem 330 may, if comprised in a preferred embodiment of the system of Fig. 1, be 
comprised, for example, in the accounting server 20 of Fig. 1, or in any other 
appropriate component of the system of Fig. 1. 

The routing control unit 310, the database subsystem 320, and the 
15 reporting subsystem 330 are preferably implemented in any suitable combination of 
computer hardware and software, as is well-known in the art. The routing control unit 
310, the database subsystem 320, and the reporting subsystem 330 are all preferably in 
operative communication with each other. 

The operation of the apparatus of Fig. 6 is now briefly described. The 
20 routing control unit 310 reports its routing activities, typically but not necessarily 
including essentially all of its routing activities, to the database subsystem 320, which 
stores the reported activities in any appropriate database. Typically, routing activities 
reported include, for a combination of the operations of the system of Fig. 1 and the 
apparatus of Fig. 4, one or more of the following: user requests to connect to a 
25 particular ISP; automatic user connection to an ISP; length of user session; number of 
packets and/or bytes transferred during user session; charges allocated to users, ISPs, or 
others; and any other appropriate available information on the usage and operation of 
the system of Fig. 1 and/or the apparatus of Fig, 4. 

The reporting system 330 is operative, typically upon receipt of a request 
30 fi^om an administrative user of the system and/or periodically, to analyze some or all of 
the information comprised in the database maintained by the database subsystem 320 and 
to generate reports based thereon. It is appreciated that a very wide variety of reports 
could thus be generated. Some examples of information which might typically be 
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included in such a report include the following: 

utilization of infrastructure, such as, for example, phone lines and 
communications bandwidth, by ISP or other service provider, by type of port or 
connection, by EP address, or by any other appropriate factor; 

distribution of calls between network access servers, between ISPs or 
other service providers, or otherwise; 

detection of possible system bottlenecks or potential future system 

bottlenecks; 

planning projections of future system usage based on current system 

usage; 

revenue reports; 

availability and unavailability reports, due to system faults or other 

events; 

service utilization reports; 

reports on the impact of known promotional activities on system usage; 

and 

any of the above reports according to hours of the day, days of the week, 
and/or peak and off peak hours and/or days; 

It is appreciated that, given the apparatus of Figs. 1, 4, and 6 and the 
above description, a person skilled in the art could produce the above reports using 
methods well known in the art, particular in the fields of database systems and 
management reporting. 

Reference is now made to Fig. 7, which is a simplified flowchart 
illustration of a preferred method of operation of the apparatus of Fig. 1 or the apparatus 
of Fig. 4. The method of Fig. 7 will be described primarily with implicit reference to 
Fig. 4, it being appreciated that a person skilled in the art could also use the method of 
Fig. 7 with the apparatus of Fig. 1. It is also appreciated that the method of Fig. 7 is 
generally useful for accounting for payments internal to the systems of Fig. 1 and Fig. 4. 

The method of Fig, 7 preferably includes the following steps: 

A connection is established, through a routing center 245, between a user 
270 and a service provider ISP 265 (step 340). The connection may be established using 
any appropriate method, typically as explained above with reference to Figs. 1 and 4, in 
which the routing center or a similar system component is responsible for maintaining 
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the connection between the user and the service provider. The routing center routes the 
communications between the user and the service provider (step 350), typically as 
explained above. 

The user 270 requests, through the service provider an item associated 
with a payment (step 360). Without limiting the generality of the foregoing, typically the 
provider comprises an ISP and the user request is made through a site on the WWW, the 
site being accessed by the user via the ISP, and hence, transparently to the user, via the 
routing center. 

At the point where payment is to be authorized, the authorization is 
initiated by the routing center (step 370), and the routing center receives thereafter 
billing information including a request to make the payment (step 380). Typically, in the 
case referred to above of a WWW site, the billing information originates at the WWW 
site. 

The following steps are typically performed but are optional; The routing 
center aggregates a plurality of requested payments into a single payment (step 390) and 
pays the requested payment, typically an aggregated payment (step 400). It is 
appreciated that payments in the WWW may be very small, and that therefore the ability 
to aggregate small payments, including small payments from different users, and to pay 
in a single aggregated payment is preferably included in the method of Fig. 7. 

It is appreciated that the software components of the present invention 
may, if desired, be implemented in ROM (read-only memory) form. The software 
components may, generally, be implemented in hardware, if desired, using 
conventional techniques. 

It is appreciated that various features of the invention which are, for 
clarity, described in the contexts of separate embodiments may also be provided in 
combination in a single embodiment. Conversely, various features of the invention 
which are, for brevity, described in the context of a single embodiment may also be 
provided separately or in any suitable subcombination. 

It will be appreciated by persons skilled in the art that the present 
invention is not limited to what has been panicularly shown and described hereinabove. 
Rather, the scope of the present invention is defined only by the claims that follow: 
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J- A system for connecting to Internet service providers via networking 

circuitry, the system comprising: 

a user interface operative to display information regarding a plurality of 
Internet service providers including quality of service information and to accept a user's 
choice of an Internet service provider from among the plurality of Internet service 
providers, thereby to define a user-selected Internet service provider; and 

a configurator operative to connect the user to the user-selected Internet 
service provider by generating an on-the-fly configuration of the networking circuitry. 

2. A system according to claim 1 wherein the user interface comprises 

a web-based display. 

3- A system according to claim 1 or claim 2 wherein the user interface 

comprises a display of at least some of the plurality of Internet service providers. 

4. A system according to claim 1 or claim 2 and also comprising user 
identification apparatus operative to identify the user. 

5. A system according to claim 4 and wherein the user identification 
apparatus is operative to identify the user based on a telephone number used by the user 
to establish a connection with the system. 

6. A method for connecting to Internet service providers via networking 
circuitry, the method comprising: 

displaying information regarding a plurality of Internet service providers 
including quality of service information; 

accepting a user's choice of an Internet service provider from among the 
plurality of Internet service providers, thereby to define a user-selected Internet service 
provider; and 

connecting the user to the user-selected Internet service provider by 
generating an on-the-fly configuration of the networking circuitry. 
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7. A virtual point of presence (POP) comprising: 

a routing center operative to communicate with a network user and with 
at least one Internet Service Provider (ISP) and to route communications therebetween; 
and 

an authentication and ISP routing center receiving an identification of the 
network user from the routing center and operative: 

to authenticate the network user based, at least in part, on the 
identification of the network user; and 

to choose an ISP and to communicate an ISP identification 
identifying the ISP to the routing center, 

wherein the routing center is operative, upon receipt of the ISP 
identification, to route communications from the network user to an ISP associated with 
the ISP identification. 

8. Apparatus according to claim 7 and wherein the authentication and ISP 
routing center is operative to choose the ISP based on a telephone number of the 
network user. 

9. Apparatus according to claim 7 wherein the authentication and ISP 
routing center is operative to choose the ISP based, at least in part, on at least one of the 
following: a telephone number of the network user; identifying information of the 
network user; and profile information of the network user. 

10. Apparatus according to claim 7 and wherein the routing center is also 
operative to maintain accounting records of routing services performed for the network 
user and the ISP. 

11. A method for providing a virtual point of presence (POP) using a 
network routing center, the method comprising: 

providing communications, from the network routing center, with a 
network user and with at least one Internet Service Provider (ISP); 
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receiving an identification of the network user from the routing center; 

authenticating the network user based, at least in pan, on the 
identification of the network user; 

choosing an ISP and communicating an ISP identification identifying the 
ISP to the routing center; and 

routing communications from the network user to an ISP associated with 
the ISP identification. 

12. A method according to claim 6 or claim 1 1 and also comprising: 
storing utilization information in a database. 

13. A method according to claim 12 and also comprising: 
producing a report based on the utilization information. 

14. A payment processing method for processing payments over a network, 
the network comprising a routing center for routing communications between at least 
one user and at least one service provider, the method comprising: 

establishing a connection, through the routing center, between a user and 
a service provider; 

routing communications, at the routing center, between the user and the 
service provider; 

requesting, through the service provider, an item associated with a 

payment; 

initiating, at the routing center, an authorization of the payment; and 
receiving, at the routing center, billing information including a request to 
pay the payment. 

15. A method according to claim 14 and also comprising: 
paying the requested payment from the routing center. 

16. A method according to claim 15 and also wherein the paying step 
comprises: 
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aggregating a plurality of requested payments into a single payment. 



17. A method according to any of claims 14-16 and wherein the service 
provider comprises an Internet service provider (ISP), and 

the requesting step comprises requesting an item from a World Wide 
Web (WWW) site. 

18. A system according to claim 1 and also comprising an on-the-fly ISP 
performance monitor operative to monitor performance of at least one ISP on the fly 
and to supply at least one quality of service parameter to the user interface for display. 

19. A system according to claim 1 and also comprising an infrastructure 
leaser operative to lease network infrastructure to at least one Internet service provider. 

20. A system according to claim 19 wherein the infrastructure leaser is 
operative to lease network infrastructure to at least one Internet service provider from 
among said plurality of Internet service providers. 

21. A system according to claim 19 and also comprising a resource utilization 
monitor operative to record information regarding occurrence of at least one of the 
following situations with respect to network infrastructure leased by at least one Internet 
service provider: 

underutilization of the infrastructure leased by the at least one Internet 
service provider; and 

overutilization of the infrastructure leased by the at least one Internet 
service provider. 

22. A system according to claim 21 wherein said recording step is performed 
on the fly. 
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FIG. 3 
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FIG. 5 
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FIG. 7 
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